# syntax=docker/dockerfile:1.8
# check=error=true
## Multi-stage build!
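# Stage "echidna": source of the prebuilt Echidna binary that the final stage
# copies out with COPY --from=echidna.
# TODO: "Ensure the base image uses a non latest version tag"
# NOTE(review): ":latest" is a mutable tag, so the binary that ends up in the
# image can change between builds without any change to this file. Pin a
# release tag, or better a digest (image:<tag>@sha256:<digest>), once a
# known-good one has been chosen.
FROM --platform=linux/amd64 ghcr.io/crytic/echidna/echidna:latest AS echidna
# Stage "python-base": donor for the Python 3.12 toolchain; the final stage
# copies its /usr/local tree.
# "AS" is uppercase to match "FROM": mixed casing is reported by the
# FromAsCasing build check, and "# check=error=true" at the top of this file
# promotes build-check warnings to errors.
FROM python:3.12-slim AS python-base
# Final stage: Debian-based devcontainer image.
# NOTE(review): the "debian" tag is mutable as well; consider a versioned tag
# or digest so rebuilds start from the same base.
FROM mcr.microsoft.com/vscode/devcontainers/base:debian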
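# The steps below install system packages and edit system files, so run as root.
USER root
# Overlay the Python 3.12 toolchain from the python-base stage onto /usr/local.
# NOTE(review): this copies the whole /usr/local tree from a different base
# image; presumably both are Debian-based and binary compatible — confirm when
# either base tag moves.
COPY --from=python-base /usr/local /usr/local
# Base toolchain needed by the installers further down (one package per line,
# sorted, so changes are easy to review). The apt package lists are removed in
# the same layer: deleting them in a later RUN would not shrink the image.
RUN apt-get update -y && apt-get install -y --no-install-recommends \
        build-essential \
        curl \
        git \
        libpython3-dev \
        pkg-config \
        python3-dev \
        sudo \
        vim \
        zsh \
    && rm -rf /var/lib/apt/lists/*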
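# Grant the vscode user passwordless sudo.
# The rule is written to its own /etc/sudoers.d drop-in (mode 0440) and checked
# with visudo, rather than appended unvalidated to /etc/sudoers, so a malformed
# rule fails the build instead of producing a broken sudo configuration.
# Assumes the stock Debian /etc/sudoers, which includes /etc/sudoers.d.
# NOTE(review): no user is created here; this relies on the base image already
# providing a "vscode" account — confirm.
# NOTE(review): NOPASSWD:ALL lets any process running as vscode become root, so
# the later "USER vscode" is a convenient default, not a privilege boundary.
RUN printf '%s\n' 'vscode ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/vscode-nopasswd && \
    chmod 0440 /etc/sudoers.d/vscode-nopasswd && \
    visudo -cf /etc/sudoers.d/vscode-nopasswd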
# Switch to the vscode user for the user-level tool installs that follow.
# NOTE(review): vscode was given passwordless sudo in the preceding step, so
# this sets the default identity but is not a hard privilege boundary.
USER vscode
WORKDIR /home/vscode
# Set HOME explicitly and create the quests folder.
# Because HOME is set with ENV it stays /home/vscode for every later
# instruction, including the ones that run after "USER root"; those steps use
# ${HOME} and ~ to reach vscode's files.
ENV HOME=/home/vscode
# Runs as vscode, so the directory is created with vscode as owner; the chown
# restates that ownership.
RUN mkdir -p ${HOME}/quests && chown vscode:vscode ${HOME}/quests
# Set needed paths (for python, pipx, pnpm).
# The three directories are appended after the existing PATH, so system
# locations are searched before the user-writable ones under ${HOME}.
ENV USR_LOCAL_BIN=/usr/local/bin
ENV LOCAL_BIN=${HOME}/.local/bin
ENV PNPM_HOME=${HOME}/.local/share/pnpm
ENV PATH=${PATH}:${USR_LOCAL_BIN}:${LOCAL_BIN}:${PNPM_HOME}
# Install pipx with pip; the Python-based tools further down are installed
# through it.
# NOTE(review): pipx is not version-pinned and --upgrade takes whatever PyPI
# serves at build time, so this layer is not reproducible — consider pinning.
RUN python3 -m pip install --no-cache-dir --upgrade pipx
# Make sure pipx's paths are set
RUN pipx ensurepath
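# asdf release tag; the git clone step that installs asdf checks out this tag.
ENV ASDF_VERSION=v0.15.0
# Export zsh as the SHELL environment variable for processes in the container.
ENV SHELL=/usr/bin/zsh
# Run every following RUN (and shell-form HEALTHCHECK CMD) through an
# interactive zsh (-i), so ~/.zshrc is sourced and tools registered there are
# available to later steps.
# "-o pipefail" makes a pipeline fail when any stage fails. Without it a failed
# download in "curl ... | sh" is masked by the exit status of the shell on the
# right-hand side and the build carries on with a missing or partial install.
SHELL ["/usr/bin/zsh", "-o", "pipefail", "-ic"]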
# Install asdf, then golang's latest version through asdf.
# asdf itself is cloned at the tag given by ${ASDF_VERSION}. The three echo
# lines append asdf's loader and zsh completion setup to ~/.zshrc; the single
# quotes keep $HOME, ${ASDF_DIR} and $fpath literal so they are expanded when
# .zshrc is sourced, not at build time.
# NOTE(review): the golang plugin and "golang latest" are not pinned, so the Go
# toolchain (and anything built with it below) can differ between builds.
RUN git clone https://github.com/asdf-vm/asdf.git $HOME/.asdf --branch ${ASDF_VERSION} && \
echo '. $HOME/.asdf/asdf.sh' >> $HOME/.zshrc && \
echo 'fpath=(${ASDF_DIR}/completions $fpath)' >> $HOME/.zshrc && \
echo 'autoload -Uz compinit && compinit' >> $HOME/.zshrc && \
. $HOME/.asdf/asdf.sh && \
asdf plugin add golang && \
asdf install golang latest && \
asdf global golang latest
## Install rust
# Downloads the rustup installer restricted to HTTPS (--proto '=https') with
# TLS 1.2 or newer, and runs it unattended (-y).
# NOTE(review): the script is executed as downloaded; transport security is the
# only integrity control here, and no toolchain version is pinned.
# NOTE(review): "source $HOME/.cargo/env" only changes the environment of this
# RUN's shell; it does not carry over to later instructions.
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y && source $HOME/.cargo/env
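# The node installer below is run as root.
USER root
## Install nvm, yarn, npm, pnpm
# curl flags: --proto '=https' and --tlsv1.2 restrict the transfer to HTTPS
# with TLS 1.2 or newer; -f makes curl exit non-zero on an HTTP error instead of
# writing the error page to stdout, where it would be fed to bash as root;
# -sS hides the progress meter but still prints errors.
# NOTE(review): the script is taken from the mutable "main" branch and executed
# as root without a checksum. Pin the URL to a reviewed commit
# (.../features/<commit-sha>/src/node/install.sh) and verify a known hash
# before running it.
RUN curl --proto '=https' --tlsv1.2 -fsS https://raw.githubusercontent.com/devcontainers/features/main/src/node/install.sh | bash
# Give the npm cache directory under ${HOME} back to vscode after the root-run
# installer.
RUN chown -R vscode:vscode ${HOME}/.npm
USER vscode
# Install hardhat globally with pnpm.
# NOTE(review): hardhat is not version-pinned; the resolved version depends on
# the registry state at build time.
RUN pnpm install hardhat -g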
# Python installations
# Install slither (through napalm-core), crytic-compile (through napalm-core), solc (through napalm-core), vyper, mythril, panoramix, slither-lsp (needed for contract explorer), napalm-toolbox, semgrep and slitherin.
# Each tool gets its own pipx environment. The last line installs a fixed set
# of solc versions plus "latest" and selects "latest" as the active compiler.
# NOTE(review): none of the pipx packages are version-pinned, and solc "latest"
# moves over time, so analysis results can differ between image builds. Pin
# versions (pipx install <package>==<version>) if reproducibility matters.
RUN pipx install napalm-core --include-deps && \
pipx install vyper && \
pipx install panoramix-decompiler && \
pipx install slither-lsp && \
pipx install mythril && \
pipx install napalm-toolbox && \
pipx install semgrep && \
pipx install slitherin && \
solc-select install 0.4.26 0.5.17 0.6.12 0.7.6 0.8.10 latest && solc-select use latest
# Fetch and install setups
# Each tool is installed in two steps: a bootstrap script is downloaded and
# piped into zsh, then the updater command it provides is run.
# curl -f fails on HTTP errors, -sS is quiet but prints errors, -L follows
# redirects.
# NOTE(review): the bootstrap scripts and the tools they fetch are neither
# version-pinned nor checksum-verified, so the image contains whatever these
# endpoints serve at build time. Where the project publishes release checksums
# or signatures, download a pinned release and verify it before running it.
## ityfuzz
RUN curl -fsSL https://ity.fuzz.land/ | zsh
RUN ityfuzzup
## Foundry framework
RUN curl -fsSL https://foundry.paradigm.xyz | zsh
RUN foundryup
## Aderyn
# NOTE(review): this installer is read from the "dev" branch, which is mutable.
RUN curl -fsSL https://raw.githubusercontent.com/Cyfrin/aderyn/dev/cyfrinup/install | zsh
RUN cyfrinup
## Halmos
### First installs uv, and then the latest version of halmos and adds it to PATH
# NOTE(review): both the uv installer script and halmos are unpinned and
# unverified; the same caveat applies as for the other curl-to-shell installs.
RUN curl -fsSL https://astral.sh/uv/install.sh | bash && \
uv tool install halmos
## Heimdall
### Replace the 'bifrost' call with 'bifrost -B' so it downloads the binary instead of compiling it.
### Right now this debian uses a glibc version lower than heimdall needs.
# NOTE(review): the command below runs plain bifrost, without -B; presumably
# that is deliberate because of the glibc mismatch described above — confirm.
# ${HOME}/.cargo/env is sourced first so the Rust toolchain is on PATH for
# this RUN.
RUN curl -fsSL https://get.heimdall.rs | zsh && \
. ${HOME}/.cargo/env && \
${HOME}/.bifrost/bin/bifrost
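# Git clone, compile kind of installations
## Install Medusa
### Set working directory for Medusa operations
WORKDIR ${HOME}/medusa
# Clone medusa, check out the tag nearest to the default branch head (the sed
# expression strips the "-<count>-g<hash>" suffix that git describe adds when
# HEAD is past a tag), build a stripped binary into ~/.local/bin, then delete
# the checkout.
# The source tree is removed in this same RUN: deleting it in a later
# instruction would leave it in this layer and not reduce the image size.
# NOTE(review): the tag is resolved at build time, so the medusa version is not
# pinned; check out a fixed tag or commit for reproducible builds.
RUN git clone https://github.com/crytic/medusa ${HOME}/medusa && \
    export LATEST_TAG="$(git describe --tags | sed 's/-[0-9]\+-g\w\+$//')" && \
    git checkout "$LATEST_TAG" && \
    go build -trimpath -o=${HOME}/.local/bin/medusa -ldflags="-s -w" && \
    chmod 755 ${HOME}/.local/bin/medusa && \
    cd "${HOME}" && \
    rm -rf "${HOME:?}/medusa"
#### Return to the home directory (the medusa checkout is already gone)
WORKDIR ${HOME}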
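# Copy the prebuilt Echidna binary out of the "echidna" stage.
# Ownership and mode are set by COPY itself (--chown/--chmod), which avoids a
# separate "RUN chmod" layer holding a second copy of the binary. --chmod needs
# BuildKit, which this file already requires (syntax directive, COPY --link).
COPY --chown=vscode:vscode --chmod=755 --from=echidna /usr/local/bin/echidna ${HOME}/.local/bin/echidna
# Clone useful repositories inside quests
WORKDIR ${HOME}/quests
# Shallow clone (--depth 1) of the repository's default branch.
# NOTE(review): no tag or commit is pinned, so the content depends on the
# branch state at build time.
RUN git clone --depth 1 https://github.com/crytic/building-secure-contracts.git
# Back to home in case we want to do something later.
WORKDIR ${HOME}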
# Do some things as root
USER root
## Add completions for medusa, anvil, cast, forge.
# The tools are found through PATH, which includes the directories under
# ${HOME} set by the earlier ENV instructions; their completion output is
# written to the system-wide zsh site-functions directory.
RUN mkdir -p /usr/share/zsh/site-functions && \
medusa completion zsh > /usr/share/zsh/site-functions/_medusa && \
for tool in anvil cast forge; do \
"$tool" completions zsh > /usr/share/zsh/site-functions/_$tool; \
done
## Clean
# NOTE(review): this runs in its own layer, so it only affects files created in
# this layer or removes them from the final view; data written by earlier
# layers still counts towards the image size.
RUN apt-get autoremove -y && apt-get clean -y
## Configure MOTD
COPY --link --chown=root:root motd /etc/motd
# Appends "cat /etc/motd" to .zshrc so the message is printed when zsh starts.
# NOTE(review): this runs as root, but HOME is set to /home/vscode by the
# earlier ENV, so ~ presumably resolves to vscode's .zshrc — confirm. The "\n"
# escapes rely on the RUN shell's echo (zsh, via SHELL) interpreting
# backslashes.
RUN echo '\ncat /etc/motd\n' >> ~/.zshrc
## back to user!
# The image's default user is vscode (which retains passwordless sudo).
USER vscode
# Example HEALTHCHECK. We don't strictly need one since we're not running services; if you add services in the future, replace it with a check of those services.
# As written the instruction is active: every 30s (10s timeout, 10s start
# period, 3 retries) it checks that echidna, medusa, slither and solc resolve
# on PATH, prints "OK" when all four are found and exits 1 otherwise.
# NOTE(review): this only proves the binaries are present, not that they run.
HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 CMD \
zsh -c 'command -v echidna && command -v medusa && command -v slither && command -v solc && echo "OK" || exit 1'